Revert "UBUNTU: SAUCE: (noup) netfilter: x_tables: check for size overflow"

This reverts commit 7da29bde. Dropping this SAUCE patch and replacing it by the upstream fix for CVE-2016-3135: d157bd76 "netfilter: x_tables: check for size overflow" The original fix (being reverted) was modified to keep only the 2nd check. https://marc.info/?l=netfilter-devel&m=145778004016206&w=2Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>

Revert "UBUNTU: SAUCE: (noup) netfilter: x_tables: check for size overflow"
This reverts commit 7da29bde. Dropping this SAUCE patch and replacing it by the upstream fix for CVE-2016-3135: d157bd76 "netfilter: x_tables: check for size overflow" The original fix (being reverted) was modified to keep only the 2nd check. https://marc.info/?l=netfilter-devel&m=145778004016206&w=2Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
fb839c75 · Luis Henriques · Kamal Mostafa · 8eb25e5a · fb839c75
Commit fb839c75 authored Jul 13, 2016 by Luis Henriques Committed by Kamal Mostafa Jul 15, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 3 deletions

net/netfilter/x_tables.c net/netfilter/x_tables.c +0 -3

No files found.
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -898,9 +898,6 @@ struct xt_table_info *xt_alloc_table_info(unsigned int size)
 	struct xt_table_info *info = NULL;
 	size_t sz = sizeof(*info) + size;
-	if (sz < size || sz < sizeof(*info))
-		return NULL;
 	/* Pedantry: prevent them from hitting BUG() in vmalloc.c --RR */
 	if ((SMP_ALIGN(size) >> PAGE_SHIFT) + 2 > totalram_pages)
 		return NULL;